Signature Detail

Short Name	RADIUS:USR-OF
Severity	Medium
Recommended	No
Category	RADIUS
Keywords	Username Buffer Overflow
Release Date	2005/07/11
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

RADIUS: Username Buffer Overflow

This signature detects attempts to exploit a know vulnerability against RADIUS Authentication Bypass protocol. Attackers can craft an overly long username, which can cause the Authentication, Authorization, and Accounting (AAA) process to bypass authentication. This can lead to a buffer overflow and remote execution of arbitrary code.

Extended Description

Cisco IOS Remote Authentication Dial In User Service (RADIUS) is prone to a remote authentication bypass vulnerability. The issue manifests when Cisco IOS is configured to employ AAA RADIUS authentication and is configured to use 'none' as a fallback method. A remote attacker may exploit this issue to bypass authentication and gain unauthorized access to the affected service.

Affected Products

Cisco IOS 12.2B
Cisco IOS 12.2BC
Cisco IOS 12.2BW
Cisco IOS 12.2BX
Cisco IOS 12.2BY
Cisco IOS 12.2BZ
Cisco IOS 12.2CX
Cisco IOS 12.2CY
Cisco IOS 12.2CZ
Cisco IOS 12.2EW
Cisco IOS 12.2EWA
Cisco IOS 12.2EY
Cisco IOS 12.2EZ
Cisco IOS 12.2JA
Cisco IOS 12.2JK
Cisco IOS 12.2MB
Cisco IOS 12.2MC
Cisco IOS 12.2MX
Cisco IOS 12.2SE
Cisco IOS 12.2SXD
Cisco IOS 12.2SXE
Cisco IOS 12.2T
Cisco IOS 12.2XB
Cisco IOS 12.2XC
Cisco IOS 12.2XD
Cisco IOS 12.2XE
Cisco IOS 12.2XF
Cisco IOS 12.2XG
Cisco IOS 12.2XH
Cisco IOS 12.2XI
Cisco IOS 12.2XJ
Cisco IOS 12.2XK
Cisco IOS 12.2XL
Cisco IOS 12.2XM
Cisco IOS 12.2XQ
Cisco IOS 12.2XT
Cisco IOS 12.2XW
Cisco IOS 12.2YA
Cisco IOS 12.2YB
Cisco IOS 12.2YC
Cisco IOS 12.2YD
Cisco IOS 12.2YF
Cisco IOS 12.2YG
Cisco IOS 12.2YH
Cisco IOS 12.2YJ
Cisco IOS 12.2YL
Cisco IOS 12.2YM
Cisco IOS 12.2YN
Cisco IOS 12.2YP
Cisco IOS 12.2YQ
Cisco IOS 12.2YR
Cisco IOS 12.2YT
Cisco IOS 12.2YU
Cisco IOS 12.2YV
Cisco IOS 12.2YW
Cisco IOS 12.2YY
Cisco IOS 12.2ZB
Cisco IOS 12.2ZC
Cisco IOS 12.2ZD
Cisco IOS 12.2ZE
Cisco IOS 12.2ZF
Cisco IOS 12.2ZG
Cisco IOS 12.2ZH
Cisco IOS 12.2ZJ
Cisco IOS 12.2ZL
Cisco IOS 12.2ZN
Cisco IOS 12.2ZO
Cisco IOS 12.2ZP
Cisco IOS 12.3
Cisco IOS 12.3B
Cisco IOS 12.3BC
Cisco IOS 12.3BW
Cisco IOS 12.3JA
Cisco IOS 12.3T
Cisco IOS 12.3XA
Cisco IOS 12.3XB
Cisco IOS 12.3XC
Cisco IOS 12.3XD
Cisco IOS 12.3XE
Cisco IOS 12.3XF
Cisco IOS 12.3XG
Cisco IOS 12.3XH
Cisco IOS 12.3XI
Cisco IOS 12.3XJ
Cisco IOS 12.3XK
Cisco IOS 12.3XL
Cisco IOS 12.3XM
Cisco IOS 12.3XN
Cisco IOS 12.3XQ
Cisco IOS 12.3XR
Cisco IOS 12.3XS
Cisco IOS 12.3XT
Cisco IOS 12.3XU
Cisco IOS 12.3XW
Cisco IOS 12.3XX
Cisco IOS 12.3XY
Cisco IOS 12.3YA
Cisco IOS 12.3YB
Cisco IOS 12.3YD
Cisco IOS 12.3YF
Cisco IOS 12.3YG
Cisco IOS 12.3YH
Cisco IOS 12.3YI
Cisco IOS 12.3YJ
Cisco IOS 12.3YK
Cisco IOS 12.3YL
Cisco IOS 12.3YN
Cisco IOS 12.3YQ
Cisco IOS 12.3YR
Cisco IOS 12.3YS
Cisco IOS 12.4

References

BugTraq: 14092
CVE: CVE-2005-2105
URL: http://www.cisco.com/warp/public/707/cisco-sa-20050629-aaa.shtml
URL: http://www.securitytracker.com/alerts/2005/Jun/1014330.html

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

RADIUS: Username Buffer Overflow

Extended Description

Affected Products

References